Documentation of the security model by tgraf · Pull Request #503 · cilium/cilium

tgraf · 2017-04-03T19:00:28Z

aanm

In the image, why does role= have a different color? Do you think the image should also contain the source concept?

borkmann

Looks great, couple of minor things commented.

borkmann · 2017-04-10T17:19:47Z

Documentation/architecture.rst

This makes scaling efficiently difficult. Perhaps This makes it difficult to scale efficiently.

borkmann · 2017-04-10T17:23:17Z

Documentation/architecture.rst

Perhaps clear transition from labels to identity is a bit missing. Maybe Instead, security is based on the identity of a pod, which is derived through labels.

borkmann · 2017-04-10T17:24:47Z

Documentation/architecture.rst

will creats

borkmann · 2017-04-10T17:25:50Z

Documentation/architecture.rst

are subject to being be considered

borkmann · 2017-04-10T17:26:34Z

Documentation/architecture.rst

labels The standard

borkmann · 2017-04-10T17:34:22Z

Documentation/architecture.rst

unless policy policy enforcement is

borkmann · 2017-04-10T17:38:56Z

Documentation/architecture.rst

Maybe cilium monitor could be mentioned here on how to debug drops and policy violations. But could be a future section for debugging/introspection perhaps. Could also have the links to the ascii cinema demos.

borkmann · 2017-04-10T17:41:19Z

Documentation/architecture.rst

In the readthedocs, somehow this rightmost cell is cut off to fit the page, scrolling to the right by marking the text.

borkmann · 2017-04-10T17:44:15Z

Documentation/architecture.rst

Maybe link to ascii demo.

Will do once it is linked

borkmann · 2017-04-10T17:46:34Z

Documentation/architecture.rst

s/node/nodes/

Initial version of the security policy model documentation Signed-off-by: Thomas Graf <[email protected]>

Signed-off-by: Thomas Graf <[email protected]>

tgraf · 2017-04-10T20:44:31Z

In the image, why does role= have a different color? Do you think the image should also contain the source concept?

The graphics can definitely be done better. Agreed that source needs to be documented as well. This is no way near complete. It's a start.

Follow-up for cilium#503 to address cilium/cilium-cli#503 (comment) Also add a comment so we don't forget to re-enable the check again once issue cilium#361 is resolved. Signed-off-by: Tobias Klauser <[email protected]>

* chore: update footer and add blog post * chore: update blog link * chore: add license link

tgraf added the kind/enhancement This would improve or streamline existing functionality. label Apr 3, 2017

tgraf added this to the 0.9 milestone Apr 3, 2017

tgraf force-pushed the policy-doc branch 17 times, most recently from c7d264a to e1500c8 Compare April 10, 2017 16:33

tgraf requested review from aanm, borkmann and mchalla April 10, 2017 16:40

aanm reviewed Apr 10, 2017

View reviewed changes

borkmann approved these changes Apr 10, 2017

View reviewed changes

tgraf added 2 commits April 10, 2017 20:55

doc: Documentation of the security model

aaaccb8

Initial version of the security policy model documentation Signed-off-by: Thomas Graf <[email protected]>

Add API reference documentation

01ee203

Signed-off-by: Thomas Graf <[email protected]>

tgraf force-pushed the policy-doc branch from e1500c8 to 01ee203 Compare April 10, 2017 20:40

tgraf merged commit c9589d6 into master Apr 10, 2017

tgraf deleted the policy-doc branch April 10, 2017 20:55

yoursanonymous pushed a commit to yoursanonymous/cilium that referenced this pull request Jan 31, 2026

chore: update footer and add blog post (cilium#503)

9352c72

* chore: update footer and add blog post * chore: update blog link * chore: add license link

Conversation

tgraf commented Apr 3, 2017 • edited by aanm Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

aanm left a comment • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

borkmann left a comment

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

tgraf commented Apr 10, 2017

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

tgraf commented Apr 3, 2017 •

edited by aanm

Loading

aanm left a comment •

edited

Loading